Posts Tagged ‘Warrantless Search’

In August, 2013, I blogged about an insurance company’s latest product feature that enabled their customers to download all of their insurance verification documents to their cellphone through a software application. The marketing company devised a commercial whereby a pig driving a car was pulled over, and subsequently the pig handed his cellphone over to the officer, presumably to show the officer that he had insurance information (I didn’t make this up). At that time, I suggested there would be significant unintended consequences to people who turned over their cellphone to a police agency.

In a unanimous decision Wednesday, the Supreme Court of the United States ruled that police officers need a search warrant to search cellphones of individuals arrested. This decision would likely apply to tablets and laptop computers, as well as potentially searches of homes and businesses and information held by third parties, like phone companies or cloud providers. Chief Justice John G. Roberts stated that cellphones are “such a pervasive and insistent part of daily life that the proverbial visitor from Mars might conclude they were an important feature of human anatomy.” What’s more interesting is that, in writing for the majority of the Court, Chief Justice Roberts acknowledges the fact that cellphones are more than a device that you merely speak into and listen – a truly forward thinking statement for such a traditional body of government.

When looking at this in the context of the insurance company’s phone app product, there still are significant unintended consequences that people need to be made aware. Namely, while the new law prohibits warrantless searches of cellphones, relinquishment of a cellphone to a police agency is still not advisable. They can simply confiscate the device, and then go get a warrant to search it at a later date.

To data privacy professionals and advocates, January 28th is an opportunity to create awareness and underscore the importance of how mission-critical data can affect our daily routine. In two separately released reports by “data” giants Google, Inc. and Twitter, Inc., both companies conclude that the U.S. government rarely establishes probable cause or obtains a search warrant from an impartial judge when wishing to obtain information, or conduct electronic surveillance, on users to those sites.

According to its own report in the second half of last year, Google, Inc., received, from the U.S. and other foreign governments, 21,389 requests for information about 33,634 of its users. The report states that this is a 70% increase over the last 3 years. Interestingly, of the 21,389 requests, Google admits to turning over personal information in two-thirds of those cases. The Google report states that over the last six months, United States government officials have made 8,438 requests for data, and 88 percent of the time, Google complied.

Twitter, Inc.’s, unaffiliated report states that the company complied nearly 7 out of 10 times where there was a request for user data. The Twitter report also mentioned that most requests from U.S. government agencies came with no more than a subpoena, which requires a relatively low burden of proof, and allows the government to request basic user information, like IP addresses and user e-mail addresses associated with the account. Only 19 percent of the information requests came with a search warrant, which the company says it requires for disclosing the content of communications. Another 11 percent were accompanied by a court order, which requires a judge’s approval.

Both companies are using the launch date of their respective reports, January 28th (Data Privacy Day), to garner support against broad government access to personal online data. Among the objectives of the reports, Google and Twitter seek the public’s support to lobby Congress in updating antiquated laws like the Electronic Communications Privacy Act off 1986 (note the enactment date of that law…did widespread e-mail use even exist in 1986?). Currently, some federal courts, specifically those located in the Ninth Circuit, are trying to address electronic warrantless government intrusion, but the need for Legislative action would be another big step in the right direction.

It has been my experience that most U.S. government officials understand the need to balance an individual’s right to privacy against their purpose to protect the public interest and welfare. The most effective means in dealing with a government request for access to mission-critical data is to (1) carefully scrutinize the request, (2) limit the scope of the search, and (3) when not prohibited by law, contact the party affected.